﻿<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!--
 Archive processed by SingleFile 
 url: https://tools.ietf.org/html/rfc6911 
 saved date: Sat Oct 18 2014 04:11:20 GMT+0300 (Финляндия (лето)) 
--><head profile="http://dublincore.org/documents/2008/08/04/dc-html/">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="robots" content="index,follow">
    <meta name="creator" content="rfcmarkup version 1.109">
    <link rel="schema.DC" href="http://purl.org/dc/elements/1.1/">
<meta name="DC.Relation.Replaces" content="draft-lourdelet-radext-ipv6-access">
<meta name="DC.Identifier" content="urn:ietf:rfc:6911">
<meta name="DC.Date.Issued" content="April, 2013">
<meta name="DC.Creator" content="Zorn, Glen">
<meta name="DC.Creator" content="Lourdelet, Benoit">
<meta name="DC.Creator" content="Dec, Wojciech">
<meta name="DC.Creator" content="Miles, David">
<meta name="DC.Creator" content="Sarikaya, Behcet">
<meta name="DC.Description.Abstract" content="This document specifies additional IPv6 RADIUS Attributes useful in\nresidential broadband network deployments. The Attributes, which are\nused for authorization and accounting, enable assignment of a host\nIPv6 address and an IPv6 DNS server address via DHCPv6, assignment of\nan IPv6 route announced via router advertisement, assignment of a\nnamed IPv6 delegated prefix pool, and assignment of a named IPv6 pool\nfor host DHCPv6 addressing.">
<meta name="DC.Title" content="RADIUS Attributes for IPv6 Access Networks">

    <link rel="icon" href="" type="image/png">
    <link rel="shortcut icon" href="" type="image/png">
    <title>RFC 6911 - RADIUS Attributes for IPv6 Access Networks</title>
    
    
    <style type="text/css">
	body {
	    margin: 0px 8px;
            font-size: 1em;
	}
        h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {
	    font-weight: bold;
            line-height: 0pt;
            display: inline;
            white-space: pre;
            font-family: monospace;
            font-size: 1em;
	    font-weight: bold;
        }
        pre {
            font-size: 1em;
            margin-top: 0px;
            margin-bottom: 0px;
        }
	.pre {
	    white-space: pre;
	    font-family: monospace;
	}
	.header{
	    font-weight: bold;
	}
        .newpage {
            page-break-before: always;
        }
        .invisible {
            text-decoration: none;
            color: white;
        }
        a.selflink {
          color: black;
          text-decoration: none;
        }
        @media print {
            body {
                font-family: monospace;
                font-size: 10.5pt;
            }
            h1, h2, h3, h4, h5, h6 {
                font-size: 1em;
            }
        
            a:link, a:visited {
                color: inherit;
                text-decoration: none;
            }
            .noprint {
                display: none;
            }
        }
	@media screen {
	    .grey, .grey a:link, .grey a:visited {
		color: #777;
	    }
            .docinfo {
                background-color: #EEE;
            }
            .top {
                border-top: 7px solid #EEE;
            }
            .bgwhite  { background-color: white; }
            .bgred    { background-color: #F44; }
            .bggrey   { background-color: #666; }
            .bgbrown  { background-color: #840; }            
            .bgorange { background-color: #FA0; }
            .bgyellow { background-color: #EE0; }
            .bgmagenta{ background-color: #F4F; }
            .bgblue   { background-color: #66F; }
            .bgcyan   { background-color: #4DD; }
            .bggreen  { background-color: #4F4; }

            .legend   { font-size: 90%; }
            .cplate   { font-size: 70%; border: solid grey 1px; }
	}
    </style>
    <!--[if IE]>
    <style>
    body {
       font-size: 13px;
       margin: 10px 10px;
    }
    </style>
    <![endif]-->

    
</head>
<body>
   <div style="height: 13px;">
      <div onmouseover="this.style.cursor='pointer';" onclick="showElem('legend');" onmouseout="hideElem('legend')" style="height: 6px; position: absolute;" class="pre noprint docinfo bgblue" title="Click for colour legend.">                                                                        </div>
      <div id="legend" class="docinfo noprint pre legend" style="position:absolute; top: 4px; left: 4ex; visibility:hidden; background-color: white; padding: 4px 9px 5px 7px; border: solid #345 1px; " onmouseover="showElem('legend');" onmouseout="hideElem('legend');">
      </div>
   </div>
<span class="pre noprint docinfo top">[<a href="https://tools.ietf.org/html" title="Document search and retrieval page">Docs</a>] [<a href="https://tools.ietf.org/rfc/rfc6911.txt" title="Plaintext version of this document">txt</a>|<a href="https://tools.ietf.org/pdf/rfc6911" title="PDF version of this document">pdf</a>] [<a href="https://tools.ietf.org/html/draft-ietf-radext-ipv6-access" title="draft-ietf-radext-ipv6-access">draft-ietf-radext...</a>] [<a href="https://tools.ietf.org/rfcdiff?difftype=--hwdiff&amp;url2=rfc6911" title="Inline diff (wdiff)">Diff1</a>] [<a href="https://tools.ietf.org/rfcdiff?url2=rfc6911" title="Side-by-side diff">Diff2</a>]                 </span><br>
<span class="pre noprint docinfo">                                                                        </span><br>
<span class="pre noprint docinfo">                                                       PROPOSED STANDARD</span><br>
<span class="pre noprint docinfo">                                                                        </span><br>
<pre>Internet Engineering Task Force (IETF)                       W. Dec, Ed.
Request for Comments: 6911                           Cisco Systems, Inc.
Category: Standards Track                                    B. Sarikaya
ISSN: 2070-1721                                               Huawei USA
                                                            G. Zorn, Ed.
                                                             Network Zen
                                                                D. Miles
                                                                  Google
                                                            B. Lourdelet
                                                        Juniper Networks
                                                              April 2013


               <span class="h1"><h1>RADIUS Attributes for IPv6 Access Networks</h1></span>

Abstract

   This document specifies additional IPv6 RADIUS Attributes useful in
   residential broadband network deployments.  The Attributes, which are
   used for authorization and accounting, enable assignment of a host
   IPv6 address and an IPv6 DNS server address via DHCPv6, assignment of
   an IPv6 route announced via router advertisement, assignment of a
   named IPv6 delegated prefix pool, and assignment of a named IPv6 pool
   for host DHCPv6 addressing.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in <a href="https://tools.ietf.org/html/rfc5741#section-2">Section&nbsp;2 of RFC 5741</a>.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   <a href="http://www.rfc-editor.org/info/rfc6911">http://www.rfc-editor.org/info/rfc6911</a>.













<span class="grey">Dec, et al.                  Standards Track                    [Page 1]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-2" id="page-2" href="#page-2" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to <a href="https://tools.ietf.org/html/bcp78">BCP 78</a> and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in <a href="#section-4">Section 4</a>.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   <a href="#section-1">1</a>.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   <a href="#page-3">3</a>
     <a href="#section-1.1">1.1</a>.  Requirements Language . . . . . . . . . . . . . . . . . .   <a href="#page-3">3</a>
   <a href="#section-2">2</a>.  Deployment Scenarios  . . . . . . . . . . . . . . . . . . . .   <a href="#page-3">3</a>
     <a href="#section-2.1">2.1</a>.  IPv6 Address Assignment . . . . . . . . . . . . . . . . .   <a href="#page-4">4</a>
     <a href="#section-2.2">2.2</a>.  DNS Servers . . . . . . . . . . . . . . . . . . . . . . .   <a href="#page-5">5</a>
     <a href="#section-2.3">2.3</a>.  IPv6 Route Information  . . . . . . . . . . . . . . . . .   <a href="#page-5">5</a>
     <a href="#section-2.4">2.4</a>.  Delegated IPv6 Prefix Pool  . . . . . . . . . . . . . . .   <a href="#page-6">6</a>
     <a href="#section-2.5">2.5</a>.  Stateful IPv6 Address Pool  . . . . . . . . . . . . . . .   <a href="#page-6">6</a>
   <a href="#section-3">3</a>.  Attributes  . . . . . . . . . . . . . . . . . . . . . . . . .   <a href="#page-6">6</a>
     <a href="#section-3.1">3.1</a>.  Framed-IPv6-Address . . . . . . . . . . . . . . . . . . .   <a href="#page-6">6</a>
     <a href="#section-3.2">3.2</a>.  DNS-Server-IPv6-Address . . . . . . . . . . . . . . . . .   <a href="#page-8">8</a>
     <a href="#section-3.3">3.3</a>.  Route-IPv6-Information  . . . . . . . . . . . . . . . . .   <a href="#page-9">9</a>
     <a href="#section-3.4">3.4</a>.  Delegated-IPv6-Prefix-Pool  . . . . . . . . . . . . . . .  <a href="#page-10">10</a>
     <a href="#section-3.5">3.5</a>.  Stateful-IPv6-Address-Pool  . . . . . . . . . . . . . . .  <a href="#page-11">11</a>
     <a href="#section-3.6">3.6</a>.  Table of Attributes . . . . . . . . . . . . . . . . . . .  <a href="#page-11">11</a>
   <a href="#section-4">4</a>.  Diameter Considerations . . . . . . . . . . . . . . . . . . .  <a href="#page-12">12</a>
   <a href="#section-5">5</a>.  Security Considerations . . . . . . . . . . . . . . . . . . .  <a href="#page-12">12</a>
   <a href="#section-6">6</a>.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  <a href="#page-12">12</a>
   <a href="#section-7">7</a>.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  <a href="#page-13">13</a>
   <a href="#section-8">8</a>.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  <a href="#page-13">13</a>
     <a href="#section-8.1">8.1</a>.  Normative References  . . . . . . . . . . . . . . . . . .  <a href="#page-13">13</a>
     <a href="#section-8.2">8.2</a>.  Informative References  . . . . . . . . . . . . . . . . .  <a href="#page-13">13</a>












<span class="grey">Dec, et al.                  Standards Track                    [Page 2]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-3" id="page-3" href="#page-3" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h2"><h2><a class="selflink" name="section-1" href="#section-1">1</a>.  Introduction</h2></span>

   This document specifies additional RADIUS Attributes used to support
   configuration of DHCPv6 and/or ICMPv6 Router Advertisement (RA)
   parameters on a per-user basis.  The Attributes, which complement
   those defined in [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>] and [<a href="https://tools.ietf.org/html/rfc4818" title="&quot;RADIUS Delegated-IPv6-Prefix Attribute&quot;">RFC4818</a>], support the following:

   o  The assignment of specific IPv6 addresses to hosts via DHCPv6.

   o  The assignment of an IPv6 DNS server address, via DHCPv6 or Router
      Advertisement [<a href="https://tools.ietf.org/html/rfc6106" title="&quot;IPv6 Router Advertisement Options for DNS Configuration&quot;">RFC6106</a>].

   o  The configuration of more specific routes to be announced to the
      user via the Route Information Option defined in <a href="https://tools.ietf.org/html/rfc4191#section-2.3">[RFC4191],
      Section&nbsp;2.3</a>.

   o  The assignment of a named delegated prefix pool for use with "IPv6
      Prefix Options for Dynamic Host Configuration Protocol (DHCP)
      version 6" [<a href="https://tools.ietf.org/html/rfc3633" title="&quot;IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6&quot;">RFC3633</a>].

   o  The assignment of a named stateful address pool for use with
      DHCPv6 stateful address assignment [<a href="https://tools.ietf.org/html/rfc3315" title="&quot;Dynamic Host Configuration Protocol for IPv6 (DHCPv6)&quot;">RFC3315</a>].

<span class="h3"><h3><a class="selflink" name="section-1.1" href="#section-1.1">1.1</a>.  Requirements Language</h3></span>

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in <a href="https://tools.ietf.org/html/rfc2119">RFC 2119</a> [<a href="https://tools.ietf.org/html/rfc2119" title="&quot;Key words for use in RFCs to Indicate Requirement Levels&quot;">RFC2119</a>].

<span class="h2"><h2><a class="selflink" name="section-2" href="#section-2">2</a>.  Deployment Scenarios</h2></span>

   The extensions in this document are intended to be applicable across
   a wide variety of network access scenarios in which RADIUS is
   involved.  One such typical network scenario is illustrated in Figure
   1.  It is composed of an IP Routing Residential Gateway (RG) or host;
   a Layer 2 Access Node (AN), e.g., a Digital Subscriber Line Access
   Multiplexer (DSLAM); an IP Network Access Server (NAS) (incorporating
   an Authentication, Authorization, and Accounting (AAA) client); and a
   AAA server.












<span class="grey">Dec, et al.                  Standards Track                    [Page 3]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-4" id="page-4" href="#page-4" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


                                                       +-----+
                                                       | AAA |
                                                       |     |
                                                       +--+--+
                                                          ^
                                                          .
                                                          .(RADIUS)
                                                          .
                                                          v
                        +------+                      +---+---+
         +------+       |      |                      |       |
         |  RG/ +-------|  AN  +-----------+----------+  NAS  |
         | host |       |      |                      |       |
         +------+ (DSL) +------+      (Ethernet)      +-------+

                                  Figure 1

   In the depicted scenario, the NAS may utilize an IP address
   configuration protocol (e.g., DHCPv6) to handle address assignment to
   RGs/hosts.  The RADIUS server authenticates each RG/host and returns
   the Attributes used for authorization and accounting.  These
   Attributes can include a host's IPv6 address, a DNS server address,
   and a set of IPv6 routes to be advertised via any suitable protocol,
   e.g., ICMPv6 (Neighbor Discovery).  The name of a prefix pool to be
   used for DHCPv6 Prefix Delegation or the name of an address pool to
   be used for DHCPv6 address assignment can also be Attributes provided
   to the NAS by the RADIUS AAA server.

   The following subsections discuss how these Attributes are used in
   more detail.

<span class="h3"><h3><a class="selflink" name="section-2.1" href="#section-2.1">2.1</a>.  IPv6 Address Assignment</h3></span>

   DHCPv6 [<a href="https://tools.ietf.org/html/rfc3315" title="&quot;Dynamic Host Configuration Protocol for IPv6 (DHCPv6)&quot;">RFC3315</a>] provides a mechanism to assign one or more non-
   temporary IPv6 addresses to hosts.  To provide a DHCPv6 server
   residing on a NAS with one or more IPv6 addresses to be assigned,
   this document specifies the Framed-IPv6-Address Attribute
   (<a href="#section-3.1">Section 3.1</a>).

   While [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>] permits the specification of an IPv6 address via the
   combination of the Framed-Interface-Id and Framed-IPv6-Prefix
   Attributes, this separation is more natural for use with PPP's IPv6
   Control Protocol than it is for use with DHCPv6, and the use of a
   single IPv6 address Attribute makes for easier processing of
   accounting records.






<span class="grey">Dec, et al.                  Standards Track                    [Page 4]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-5" id="page-5" href="#page-5" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


   Because DHCPv6 can be deployed on the same network as ICMPv6
   stateless address autoconfiguration (SLAAC) [<a href="https://tools.ietf.org/html/rfc4862" title="&quot;IPv6 Stateless Address Autoconfiguration&quot;">RFC4862</a>], it is possible
   that the NAS will require both stateful and stateless configuration
   information.  Therefore, it is possible for the Framed-IPv6-Address,
   Framed-IPv6-Prefix, and Framed-Interface-Id Attributes [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>] to
   be included within the same packet.  To avoid ambiguity in this case,
   the Framed-IPv6-Address Attribute is intended for authorization and
   accounting of DHCPv6-assigned addresses, and the Framed-IPv6-Prefix
   and Framed-Interface-Id Attributes are used for authorization and
   accounting of addresses assigned via SLAAC.

<span class="h3"><h3><a class="selflink" name="section-2.2" href="#section-2.2">2.2</a>.  DNS Servers</h3></span>

   DHCPv6 provides an option for configuring a host with the IPv6
   address of a DNS server.  The IPv6 address of a DNS server can also
   be conveyed to the host using ICMPv6 with Router Advertisements, via
   the Recursive DNS Server Option [<a href="https://tools.ietf.org/html/rfc6106" title="&quot;IPv6 Router Advertisement Options for DNS Configuration&quot;">RFC6106</a>].  To provide the NAS with
   the IPv6 address of one or more DNS servers, this document specifies
   the DNS-Server-IPv6-Address Attribute (<a href="#section-3.2">Section 3.2</a>).

<span class="h3"><h3><a class="selflink" name="section-2.3" href="#section-2.3">2.3</a>.  IPv6 Route Information</h3></span>

   The IPv6 Route Information Option [<a href="https://tools.ietf.org/html/rfc4191" title="&quot;Default Router Preferences and More-Specific Routes&quot;">RFC4191</a>], is intended to be used
   to inform a host connected to the NAS that a specific route is
   reachable via any given NAS.

   This document specifies the Route-IPv6-Information Attribute
   (<a href="#section-3.3">Section 3.3</a>) that allows the AAA server to provision the
   announcement by the NAS of a specific Route Information Option to an
   accessing host.  The NAS may advertise this route using the method
   defined in <a href="https://tools.ietf.org/html/rfc4191">RFC 4191</a> or other equivalent methods.  Any other
   information, such as preference or lifetime values, that is to be
   present in the actual announcement using a given method is assumed to
   be determined by the NAS using means not specified by this document
   (e.g., local configuration on the NAS).

   While the Framed-IPv6-Prefix Attribute (<a href="https://tools.ietf.org/html/rfc3162#section-2.3">[RFC3162], Section&nbsp;2.3</a>)
   allows the route to be advertised in an RA, it cannot be used to
   configure more specific routes.  While the Framed-IPv6-Route
   Attribute (<a href="https://tools.ietf.org/html/rfc3162#section-2.5">[RFC3162], Section&nbsp;2.5</a>) causes the route to be configured
   on the NAS and potentially to be announced via an IP routing
   protocol, depending on the value of Framed-Routing, it does not
   result in the route being announced in an RA.








<span class="grey">Dec, et al.                  Standards Track                    [Page 5]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-6" id="page-6" href="#page-6" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h3"><h3><a class="selflink" name="section-2.4" href="#section-2.4">2.4</a>.  Delegated IPv6 Prefix Pool</h3></span>

   DHCPv6 Prefix Delegation (DHCPv6-PD) [<a href="https://tools.ietf.org/html/rfc3633" title="&quot;IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6&quot;">RFC3633</a>] involves a delegating
   router selecting a prefix and delegating it on a temporary basis to a
   requesting router.  The delegating router may implement a number of
   strategies as to how it chooses what prefix is to be delegated to a
   requesting router, one of them being the use of a local named prefix
   pool.  The Delegated-IPv6-Prefix-Pool Attribute (<a href="#section-3.4">Section 3.4</a>) allows
   the RADIUS server to convey a prefix pool name to a NAS that is
   hosting a DHCPv6-PD server and that is acting as a delegating router.

   Because DHCPv6 Prefix Delegation can be used with SLAAC on the same
   network, it is possible for the Delegated-IPv6-Prefix-Pool and
   Framed-IPv6-Pool Attributes to be included within the same packet.
   To avoid ambiguity in this scenario, use of the Delegated-IPv6-
   Prefix-Pool Attribute should be restricted to authorization and
   accounting of prefix pools used in DHCPv6 Prefix Delegation, and the
   Framed-IPv6-Pool Attribute should be used for authorization and
   accounting of prefix pools used in SLAAC.

<span class="h3"><h3><a class="selflink" name="section-2.5" href="#section-2.5">2.5</a>.  Stateful IPv6 Address Pool</h3></span>

   DHCPv6 [<a href="https://tools.ietf.org/html/rfc3315" title="&quot;Dynamic Host Configuration Protocol for IPv6 (DHCPv6)&quot;">RFC3315</a>] provides a mechanism to assign one or more non-
   temporary IPv6 addresses to hosts.  <a href="#section-3.1">Section 3.1</a> introduces the
   Framed-IPv6-Address Attribute to be used to provide a DHCPv6 server
   residing on a NAS with one or more IPv6 addresses to be assigned to
   the clients.  An alternative way to achieve a similar result is for
   the NAS to select the IPv6 address to be assigned from an address
   pool configured for this purpose on the NAS.  This document specifies
   the Stateful-IPv6-Address-Pool Attribute (<a href="#section-3.5">Section 3.5</a>) to allow the
   RADIUS server to convey a pool name to be used for such stateful
   DHCPv6-based addressing and for any subsequent accounting.

<span class="h2"><h2><a class="selflink" name="section-3" href="#section-3">3</a>.  Attributes</h2></span>

   The fields shown in the diagrams below are transmitted from left to
   right.

<span class="h3"><h3><a class="selflink" name="section-3.1" href="#section-3.1">3.1</a>.  Framed-IPv6-Address</h3></span>

   The Framed-IPv6-Address Attribute indicates an IPv6 address that is
   assigned to the NAS-facing interface of the RG/host.  It MAY be used
   in Access-Accept packets and MAY appear multiple times.  It MAY be
   used in an Access-Request packet as a hint by the NAS to the RADIUS
   server that it would prefer this IPv6 address, but the RADIUS server
   is not required to honor the hint.  Because it is assumed that the





<span class="grey">Dec, et al.                  Standards Track                    [Page 6]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-7" id="page-7" href="#page-7" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


   NAS will add a route corresponding to the address, it is not
   necessary for the RADIUS server to also send a host Framed-IPv6-Route
   Attribute for the same address.

   This Attribute can be used by a DHCPv6 process on the NAS to assign a
   unique IPv6 address to the RG/host.

   A summary of the Framed-IPv6-Address Attribute format is shown below.
   The format of the Address field is identical to that of the
   corresponding field in the NAS-IPv6-Address Attribute [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |            Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      168 for Framed-IPv6-Address

   Length

      18

   Address

      A 128-bit IPv6 address.















<span class="grey">Dec, et al.                  Standards Track                    [Page 7]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-8" id="page-8" href="#page-8" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h3"><h3><a class="selflink" name="section-3.2" href="#section-3.2">3.2</a>.  DNS-Server-IPv6-Address</h3></span>

   The DNS-Server-IPv6-Address Attribute contains the IPv6 address of a
   DNS server.  This Attribute MAY be included multiple times in Access-
   Accept packets when the intention is for a NAS to announce more than
   one DNS server address to an RG/host.  The Attribute MAY be used in
   an Access-Request packet as a hint by the NAS to the RADIUS server
   regarding the DNS IPv6 address, but the RADIUS server is not required
   to honor the hint.

   The content of this Attribute can be copied to an instance of the
   DHCPv6 DNS Recursive Name Server Option [<a href="https://tools.ietf.org/html/rfc3646" title="&quot;DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)&quot;">RFC3646</a>] or to an IPv6
   Router Advertisement Recursive DNS Server Option [<a href="https://tools.ietf.org/html/rfc6106" title="&quot;IPv6 Router Advertisement Options for DNS Configuration&quot;">RFC6106</a>].  If more
   than one DNS-Server-IPv6-Address Attribute is present in the Access-
   Accept packet, the addresses from the Attributes SHOULD be copied in
   the same order as received.

   A summary of the DNS-Server-IPv6-Address Attribute format is given
   below.  The format of the Address field is the same as that of the
   corresponding field in the NAS-IPv6-Address Attribute [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |            Address
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             Address (cont)
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
            Address (cont)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      169 for DNS-Server-IPv6-Address

   Length

      18

   Address

      The 128-bit IPv6 address of a DNS server.





<span class="grey">Dec, et al.                  Standards Track                    [Page 8]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-9" id="page-9" href="#page-9" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h3"><h3><a class="selflink" name="section-3.3" href="#section-3.3">3.3</a>.  Route-IPv6-Information</h3></span>

   The Route-IPv6-Information Attribute specifies a prefix (and
   corresponding route) for the user on the NAS, which is to be
   announced using the Route Information Option defined in "Default
   Router Preferences and More Specific Routes" <a href="https://tools.ietf.org/html/rfc4191#section-2.3">[RFC4191], Section&nbsp;2.3</a>.
   It is used in the Access-Accept packet and can appear multiple times.
   It MAY be used in an Access-Request packet as a hint by the NAS to
   the RADIUS server, but the RADIUS server is not required to honor the
   hint.  The Route-IPv6-Information Attribute format is depicted below.
   The format of the prefix is as per [<a href="https://tools.ietf.org/html/rfc3162" title="&quot;RADIUS and IPv6&quot;">RFC3162</a>].

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |   Reserved    | Prefix-Length |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      .                        Prefix (variable)                      .
      .                                                               .
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      170 for Route-IPv6-Information

   Length

      Length, in bytes.  At least 4 and no larger than 20; typically, 12
      or less.

   Prefix Length

      8-bit unsigned integer.  The number of leading bits in the prefix
      that are valid.  The value can range from 0 to 128.  The prefix
      field is 0, 8, or 16 octets depending on Length.

   Prefix

      Variable-length field containing an IP prefix.  The prefix length
      field contains the number of valid leading bits in the prefix.
      The bits in the prefix after the prefix length, if any, are
      reserved and MUST be initialized to zero.







<span class="grey">Dec, et al.                  Standards Track                    [Page 9]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-10" id="page-10" href="#page-10" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h3"><h3><a class="selflink" name="section-3.4" href="#section-3.4">3.4</a>.  Delegated-IPv6-Prefix-Pool</h3></span>

   The Delegated-IPv6-Prefix-Pool Attribute contains the name of an
   assigned pool that SHOULD be used to select an IPv6 delegated prefix
   for the user on the NAS.  If a NAS does not support prefix pools, the
   NAS MUST ignore this Attribute.  It MAY be used in an Access-Request
   packet as a hint by the NAS to the RADIUS server regarding the pool,
   but the RADIUS server is not required to honor the hint.

   A summary of the Delegated-IPv6-Prefix-Pool Attribute format is shown
   below.

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |     String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      171 for Delegated-IPv6-Prefix-Pool

   Length

      Length, in bytes.  At least 3.

   String

      The string field contains the name of an assigned IPv6 prefix pool
      configured on the NAS.  The field is not NULL (hexadecimal 00)
      terminated.

   Note: The string data type is as documented in [<a href="https://tools.ietf.org/html/rfc6158" title="&quot;RADIUS Design Guidelines&quot;">RFC6158</a>] and carries
   binary data that is external to the RADIUS protocol, e.g., the name
   of a pool of prefixes configured on the NAS.
















<span class="grey">Dec, et al.                  Standards Track                   [Page 10]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-11" id="page-11" href="#page-11" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h3"><h3><a class="selflink" name="section-3.5" href="#section-3.5">3.5</a>.  Stateful-IPv6-Address-Pool</h3></span>

   The Stateful-IPv6-Address-Pool Attribute contains the name of an
   assigned pool that SHOULD be used to select an IPv6 address for the
   user on the NAS.  If a NAS does not support address pools, the NAS
   MUST ignore this Attribute.  A summary of the Stateful-IPv6-Address-
   Pool Attribute format is shown below.  It MAY be used in an Access-
   Request packet as a hint by the NAS to the RADIUS server regarding
   the pool, but the RADIUS server is not required to honor the hint.

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |     String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      172 for Stateful-IPv6-Address-Pool

   Length

      Length, in bytes.  At least 3.

   String

      The string field contains the name of an assigned IPv6 stateful
      address pool configured on the NAS.  The field is not NULL
      (hexadecimal 00) terminated.

   Note: The string data type is as documented in [<a href="https://tools.ietf.org/html/rfc6158" title="&quot;RADIUS Design Guidelines&quot;">RFC6158</a>] and carries
   binary data that is external to the RADIUS protocol, e.g., the name
   of a pool of addresses configured on the NAS.

<span class="h3"><h3><a class="selflink" name="section-3.6" href="#section-3.6">3.6</a>.  Table of Attributes</h3></span>

   The following table provides a guide to which Attributes may be found
   in which kinds of packets, and in what quantity.  The optional
   inclusion of the options in Access Request messages is intended to
   allow for a NAS to provide the RADIUS server with a hint of the
   Attributes in advance of user authentication, which may be useful in
   cases in which a user reconnects or has a static address.  The server
   is under no obligation to honor such hints.








<span class="grey">Dec, et al.                  Standards Track                   [Page 11]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-12" id="page-12" href="#page-12" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


   Request Accept Reject Challenge Accounting  #  Attribute
                                   Request
   0+      0+     0      0         0+   168   Framed-IPv6-Address
   0+      0+     0      0         0+   169   DNS-Server-IPv6-Address
   0+      0+     0      0         0+   170   Route-IPv6-Information
   0+      0+     0      0         0+   171   Delegated-IPv6-Prefix-Pool
   0+      0+     0      0         0+   172   Stateful-IPv6-Address-Pool

<span class="h2"><h2><a class="selflink" name="section-4" href="#section-4">4</a>.  Diameter Considerations</h2></span>

   Given that the Attributes defined in this document are allocated from
   the standard RADIUS type space (see <a href="#section-6">Section 6</a>), no special handling
   is required by Diameter entities.

<span class="h2"><h2><a class="selflink" name="section-5" href="#section-5">5</a>.  Security Considerations</h2></span>

   This document specifies additional IPv6 RADIUS Attributes useful in
   residential broadband network deployments.  In such networks, the
   RADIUS protocol may run either over IPv4 or over IPv6, and known
   security vulnerabilities of the RADIUS protocol, e.g., [<a href="#ref-SECI" title="&quot;An Analysis of the RADIUS Authentication Protocol&quot;">SECI</a>], apply
   to the Attributes defined in this document.  A trust relationship
   between a NAS and RADIUS server is expected to be in place, with
   communication optionally secured by IPsec or Transport Layer Security
   (TLS) [<a href="https://tools.ietf.org/html/rfc6614" title="&quot;Transport Layer Security (TLS) Encryption for RADIUS&quot;">RFC6614</a>].

<span class="h2"><h2><a class="selflink" name="section-6" href="#section-6">6</a>.  IANA Considerations</h2></span>

   IANA has assigned five new RADIUS Attribute types in the "Radius
   Attribute Types" registry (currently located at
   <a href="http://www.iana.org/assignments/radius-types">http://www.iana.org/assignments/radius-types</a>) for the following
   Attributes:

   o  Framed-IPv6-Address

   o  DNS-Server-IPv6-Address

   o  Route-IPv6-Information

   o  Delegated-IPv6-Prefix-Pool

   o  Stateful-IPv6-Address-Pool










<span class="grey">Dec, et al.                  Standards Track                   [Page 12]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-13" id="page-13" href="#page-13" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


<span class="h2"><h2><a class="selflink" name="section-7" href="#section-7">7</a>.  Acknowledgments</h2></span>

   The authors would like to thank Bernard Aboba, Benoit Claise, Peter
   Deacon, Alan DeKok, Ralph Droms, Brian Haberman, Alfred Hines,
   Stephen Farrell, Jouni Korhonen, Roberta Maglione, Pete Resnick, Mark
   Smith, and Leaf Yeh for their help and comments in reviewing this
   document.

<span class="h2"><h2><a class="selflink" name="section-8" href="#section-8">8</a>.  References</h2></span>

<span class="h3"><h3><a class="selflink" name="section-8.1" href="#section-8.1">8.1</a>.  Normative References</h3></span>

   [<a name="ref-RFC2119" id="ref-RFC2119">RFC2119</a>]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", <a href="https://tools.ietf.org/html/bcp14">BCP 14</a>, <a href="https://tools.ietf.org/html/rfc2119">RFC 2119</a>, March 1997.

   [<a name="ref-RFC4862" id="ref-RFC4862">RFC4862</a>]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", <a href="https://tools.ietf.org/html/rfc4862">RFC 4862</a>, September 2007.

<span class="h3"><h3><a class="selflink" name="section-8.2" href="#section-8.2">8.2</a>.  Informative References</h3></span>

   [<a name="ref-RFC3162" id="ref-RFC3162">RFC3162</a>]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", <a href="https://tools.ietf.org/html/rfc3162">RFC</a>
              <a href="https://tools.ietf.org/html/rfc3162">3162</a>, August 2001.

   [<a name="ref-RFC3315" id="ref-RFC3315">RFC3315</a>]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", <a href="https://tools.ietf.org/html/rfc3315">RFC 3315</a>, July 2003.

   [<a name="ref-RFC3633" id="ref-RFC3633">RFC3633</a>]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", <a href="https://tools.ietf.org/html/rfc3633">RFC 3633</a>,
              December 2003.

   [<a name="ref-RFC3646" id="ref-RFC3646">RFC3646</a>]  Droms, R., "DNS Configuration options for Dynamic Host
              Configuration Protocol for IPv6 (DHCPv6)", <a href="https://tools.ietf.org/html/rfc3646">RFC 3646</a>,
              December 2003.

   [<a name="ref-RFC4191" id="ref-RFC4191">RFC4191</a>]  Draves, R. and D. Thaler, "Default Router Preferences and
              More-Specific Routes", <a href="https://tools.ietf.org/html/rfc4191">RFC 4191</a>, November 2005.

   [<a name="ref-RFC4818" id="ref-RFC4818">RFC4818</a>]  Salowey, J. and R. Droms, "RADIUS Delegated-IPv6-Prefix
              Attribute", <a href="https://tools.ietf.org/html/rfc4818">RFC 4818</a>, April 2007.

   [<a name="ref-RFC6106" id="ref-RFC6106">RFC6106</a>]  Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
              "IPv6 Router Advertisement Options for DNS Configuration",
              <a href="https://tools.ietf.org/html/rfc6106">RFC 6106</a>, November 2010.

   [<a name="ref-RFC6158" id="ref-RFC6158">RFC6158</a>]  DeKok, A. and G. Weber, "RADIUS Design Guidelines", <a href="https://tools.ietf.org/html/bcp158">BCP</a>
              <a href="https://tools.ietf.org/html/bcp158">158</a>, <a href="https://tools.ietf.org/html/rfc6158">RFC 6158</a>, March 2011.




<span class="grey">Dec, et al.                  Standards Track                   [Page 13]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-14" id="page-14" href="#page-14" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


   [<a name="ref-RFC6614" id="ref-RFC6614">RFC6614</a>]  Winter, S., McCauley, M., Venaas, S., and K. Wierenga,
              "Transport Layer Security (TLS) Encryption for RADIUS",
              <a href="https://tools.ietf.org/html/rfc6614">RFC 6614</a>, May 2012.

   [<a name="ref-SECI" id="ref-SECI">SECI</a>]     Hill, J., "An Analysis of the RADIUS Authentication
              Protocol", November 2001, &lt;<a href="http://regul.uni-mb.si/~meolic/ptk-seminarske/radius.pdf">http://regul.uni-mb.si/~meolic/</a>
              <a href="http://regul.uni-mb.si/~meolic/ptk-seminarske/radius.pdf">ptk-seminarske/radius.pdf</a>&gt;.












































<span class="grey">Dec, et al.                  Standards Track                   [Page 14]</span>
</pre><!--NewPage--><pre class="newpage"><a name="page-15" id="page-15" href="#page-15" class="invisible"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc6911">RFC 6911</a>                   RADIUS IPv6 Access                 April 2013</span>


Authors' Addresses

   Wojciech Dec (editor)
   Cisco Systems, Inc.
   Haarlerbergweg 13-19
   Amsterdam, Noord-Holland 1101 CH
   Netherlands

   EMail: wdec@cisco.com


   Behcet Sarikaya
   Huawei USA
   1700 Alma Drive, Suite 500
   Plano, TX
   US

   Phone: +1 972-509-5599
   EMail: sarikaya@ieee.org


   Glen Zorn (editor)
   Network Zen
   227/358 Thanon Sanphawut
   Bang Na, Bangkok  10260
   Thailand

   Phone: +66 (0) 8-1000-4155
   EMail: glenzorn@gmail.com


   David Miles
   Google

   EMail: davidmiles@google.com


   Benoit Lourdelet
   Juniper Networks
   France

   EMail: blourdel@juniper.net









Dec, et al.                  Standards Track                   [Page 15]

</pre><br>
<span class="noprint"><small><small>Html markup produced by rfcmarkup 1.109, available from
<a href="https://tools.ietf.org/tools/rfcmarkup/">https://tools.ietf.org/tools/rfcmarkup/</a>
</small></small></span>

</body></html>